General

  • Target

    Setup.exe

  • Size

    20.0MB

  • Sample

    250704-xpke5axth1

  • MD5

    40180c9e63d60aba29b1e7e2b29a9eaa

  • SHA1

    6b53fbfadd28e444fff1db9e32cae3451e5ef46d

  • SHA256

    d3c22710f244666262c76a87f538636509bd78b30815f8440a3d770033e9ab1c

  • SHA512

    5aaacdee7d367b52d5e53b461f61f8e4aff554f3a7db086394494598fe288618990c6de6d0e6cf42eca6376ef0bfba3df191f8eb045da5238349bdf553ee6940

  • SSDEEP

    24576:K0aA2o2hnR4fHBaf5ID0dWGensRlrhEO5q9V0GUWwEDTeqaMFi7:KphnR4fHBfDqmnsHrq8GxwvNMFi7

Malware Config

Extracted

  • Family

    lumma

  • C2


Attributes

  • build_id

    8f99dee74a97e8e7ad084fe27897cd49da4643

Targets

    • Target

      Setup.exe

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks